Home > Articles > User Management - Sharing Rules

Articles in this section

Authenticate Emails with SPF, DKIM, and SenderID Auto forward your emails to Vtiger Automate Outgoing Emails in Email Settings Managing User Profiles Automation - Approvals Setting up User Roles Automation - Assignment Rules Set up Multi-path Workflows Creating a Scheduled Workflow Automation - Scheduler Creating a Workflow Webforms in Vtiger CRM Set up a Workflow Action to Create Event Set up a Workflow Action to Create Records Set up a Workflow Action to Create Task Set up a Workflow Action to Invoke Custom Function Set up a Workflow Action to Create an SMS Task Set up a Workflow Action to Send Mails Set up a Workflow Action to Update Fields Automation - Workflow Action - Webhook Automation - Workflows - Vtiger Expressions Configuration - Business Hours Configuration - Company Details Configuration - Consents Configuration - Customer Portal Maps in Vtiger CRM Configuration - Usage Details Configuring Encrypted Data Fields in Vtiger CRM Configure Picklist Dependencies Considerations for Deactivating Vtiger Users Control Fields and Record Displays using Configuration Editor Create Reminders for Records and Inbox Create a field of a Grid type Dealing with Currencies and Taxes Enable Desktop Notifications on Chrome Web Browsers Vtiger CRM Add-ons IMAP Configuration - 2-way sync between Vtiger and IMAP providers Setting up Autopay & Payment Gateways Inventory - Tax Management Inventory - Terms and Conditions Login to Vtiger on SSO SAML using ADFS Mailroom Functionality for Different Scenarios Manage Multiple Currencies Marketing and Sales - Deal to Project Mapping Marketing and Sales - Lead Conversion Data Mapping Marketing and Sales - Profile Scoring Module Management - Labels Editor Module Management - Module Numbering My Preferences My Preferences - Calendar Settings Tags in Vtiger My Preferences - Notification Preferences SAML Support in Vtiger CRM Set up Mailroom Settings - Configure Module Settings Settings - Create Dynamic Fields and Layouts Module Management - Creating a Relationship Between Modules Settings - Customize Records and Fields for your Business Settings - How to set email autoresponder to Webform submission? Settings - Left Menu Settings - Manage Global Picklists in Vtiger Settings - Set up your Support Team Settings - Start Up Page Settings - Working with Picklist Values Module Management - Module Builder Support - SLA Policies Troubleshooting Login Issues Add-Edit Unsubscribe Links in your Email Template User Management - Authentication User Management - Encrypted Field Access Logs User Management - Groups User Management - Login History User Management - Profiles User Management - Roles User Management - Settings Log User Management - Users User Management - Vtiger Support Access Vtiger Buzz - Chrome Extension for Notifications Vtiger Implementation wizard Vtiger Language Support Configuring Websense Trackers Websense - Widgets Customizing your Self-Service Portal Theme Using CSS Styles Adding Hidden Fields to a Webform Configuration - Storage Guard Login Page Customization Creating App-specific Password for Gmail Outgoing Server Module Management - Module Layouts & Fields Settings - Personalize Module Layouts Module Management - Modules Adding Custom Module Automation - SMS Reply Actions Duplicate Prevention in Modules Configuring Dependent Fields and Blocks for Modules Formula Fields Creating Custom Filters Adding a local DNS Entry

User Management - Sharing Rules

Learn how to configure Sharing Rules so users can access records and modules.

Ruba

4 Jan, 2024 - Updated 3 months ago

Introduction

Vtiger allows you to customize sharing access across the CRM.

You can choose who can see CRM records just by setting up some rules. So, if you do not want a user to view records in a module, you can simply hide them. All this with the help of Sharing Rules!

In Vtiger CRM, the default access to CRM records is set to Public, which enables every user to see all the records.

Here are some points to remember before getting into the details:

Basic rules:

Admin users have full access to all records. However, read-only fields can only be modified by the system.
Record owners and superiors have full access as long as their profile permits them.
Profiles override the privileges granted by Sharing Rules at the user level. For example, if Profiles do not provide Edit permission, then you cannot allow Write permission in Sharing Rules.

Feature Availability

	Sales Starter	Sales/Help Desk Professional	Sales/Help Desk Enterprise	All-in-One Professional	All-in-One Enterprise
Sharing Rules	-	✓	✓	✓	✓

Note: Sharing rules are also available in Help Desk Starter edition.

Types of Sharing Rules

Here are the different modes available:

Public mode: The Public mode is used to enable public sharing. You can control whether a role or a group can have read, create, edit, delete, or all three permissions using the Public mode.
Private mode: The Private mode is used to block public access. Custom rules can be used to provide access to select roles and groups.

You can add Advanced Sharing Rules to provide customized access to roles and groups. Skip to this section to learn more.

Note: If a module is disabled in Settings > Module Management > Modules, then it is not shown under Sharing Rules, Profiles, and Roles.

Sharing rules enable you to configure the following permissions:

Rule Type	Description
Private	Users can only access records that are assigned to them and of users with roles in the lower hierarchy.
Public - Read-only	Users can view all other users’ records, but cannot modify or delete them. Owners and co-owners can read, write, and delete their records.
Public - Read, Create/Edit	Users can create records. They can also view and edit other users’ records, but cannot delete them.
Public - Read, Create/Edit, Delete	Users can view, edit, and delete other users’ records.

Configuring General Sharing Rules

By general sharing rules, we mean rules that apply to everybody in your company.

Navigating to sharing rules

Log in to your CRM account.
Click the User Menu on the top right corner of the CRM screen.
Click Settings.
Look for the User Management section.
Click Sharing Rules.

What do sharing rules look like

You will see the following screen when you open the Sharing Rules page:

The different columns are for assigning different rules for the modules mentioned under the Modules column. When you enable a radio button under a column, the rule mentioned in the column name gets applied to the module.

For example, if you set the Contacts module to Private, then users can access only the contact records that are assigned to them. On the other hand, if you set the Organizations module to Public - Read-only, then users can fully access their own records but only view others' records.

However, Admin users have full access to all the modules and records.

Follow these steps to set general sharing rules:

Log in to your CRM account.
Click the User Menu on the top right corner of the CRM screen.
Click Settings.

You will land on the Settings page.

Look for the User Management section.
Select Sharing Rules.
Select a module and enable the radio button under a column to enable the rule.
Click the Apply New Sharing Rules button.

Configuring Record-Level Access

When Record-Level Access is enabled for a module, then the records in the module are accessible only to their owners and co-owners.

Follow these steps to set the sharing rules to record-level access:

Log in to your CRM account.
Click the User Menu on the top right corner of the CRM screen.
Click Settings.
- You will land on the Settings page.
Look for the User Management section.
Select Sharing Rules.
Select a module and enable the radio button under the Record Level Access column.
Click the Apply New Sharing Rules button.

Who are the owners and co-owners of a record

The owner of a record is the user in the Assigned To field. The co-owner of a record is the user in the Co-owners field.

A record can have one or more co-owners depending on the value of the field - it can be either a user or a group. When the value is a group name, then all the users belonging to the group become co-owners.

To learn more about groups, click here.

Note:

In the case of nested groups (where a group is a part of another group), all the members of the group get access to records.
You cannot set up Advanced Sharing Rules when you select Record Level access.
Admin users do not get access to records if they are not an owner or co-owner.
Only record owners and co-owners can access records via APIs. Other users get a Permission Denied alert.

Setting up the co-owners of a record

You must first create the Co-owner field in a record and then assign a user or a group to it.

Follow these steps to set up co-owners:

Step 1: Creating the Co-owner field.

Log in to your CRM account.
Click the User Menu on the top right corner of the CRM screen.
Click Settings.
Look for the Module Management section.
Select Module Layouts & Fields.
Choose a module from the Select Module drop-down.
Click the Detail View Layout tab.
Click the +Add Custom Field button under any block you want to create it in.
- You can also create a new block:
  1. Click the +Add Block button.
  2. Enter the block name.
  3. Choose the existing block after which you want to add the new block.
  4. Click Save.
  5. Click the +Add Custom Field button in the newly created block.
Select Co-owners from the Select Field Type drop-down.
Set the field properties:

Mandatory Field - Entering a value for the field becomes mandatory.
+Quick Create - The field becomes available under Quick Create.
Key Field View - The field appears in the Key Fields section of a contact’s Summary View.
Header View - The field appears in the Header section of a contact’s Summary View.
Mass Edit - You can perform a mass edit action on the field.

Click Save.

Step 2: Choosing the co-owner(s) for a record.

Click the Main Menu.
Go to the module where you created the Co-owners field in Step 5.
Open a record in the module.
Click the Details tab on the right sidebar.
Search for the Co-owners field using the search bar.
Choose a user or a group in the field to make them the co-owner.
Click Save.

Configuring Advanced or Custom Sharing Rules

Custom sharing rules are used to allow subordinates to perform actions on their superiors’ records. If you are a user at a higher level in the hierarchy, you can grant permissions to your subordinates to access your records in a module. This can be done even when the module is made Private.

You might ask, “How is it different from the Public mode?”.

The Public mode allows everybody to access your records. But the idea behind advanced or custom sharing rules is to provide selective access to groups and roles, and even subordinates.

For instance, a Sales Manager is at a higher level than a Sales Rep in the role hierarchy. When sharing rules are set to Private, a Sales Manager can view a Sales Rep’s records, but the other way around is not possible.

Now, the Sales Manager wants to give access to his records to a Sales Rep. Setting sharing rules to Public makes the records visible to all the users. But setting up custom sharing rules gives the Sales Manager the flexibility to grant exclusive access to the Sales Rep.

Follow these steps to set up custom sharing rules:

Log in to your CRM account.
Click the User Menu on the top right corner of the CRM screen.
Click Settings.
Look for the User Management section.
Select Sharing Rules.
Select a module and click the downward arrow under the Advanced Sharing Rules column.
Define the custom rule. Let’s take an example of the Contacts module.

Click the +Add Custom Rule button.
Enter the following information:
- Contacts of: Whose contact records you want to share
- Can be accessed by: Who can access the contact records
- With permissions: Which access permissions must be given
Click Save.

Click the Apply New Sharing Rules button.

Sharing Rules vs. Profiles

Confused about how Sharing Rules and Profiles are different?

Here is a simple explanation:

Sharing Rules define what records your users can view. Profiles, on the other hand, define the actions that users can perform on records.

Refer to the table below for more clarity.

Profiles→ Sharing Rules↓	Read	Read + Write	Read + Write + Delete
Private	Users can only read their records and the records of their subordinates. Users cannot read + write + delete the records of their peers and superiors.	Users can read + write their records and the records of their subordinates. Users cannot read + write + delete the records of their peers and superiors.	Users can read + write + delete their records and the records of their subordinates. Users cannot read + write + delete the records of their peers and superiors.
Public - Read	Users can only read the records of all the users. Users cannot write + delete the records of their peers and superiors.	Users can only read + write their records and the records of their subordinates. Users can read but cannot write + delete the records of their peers and superiors.	Users can read + write + delete their records and the records of their subordinates. Users can read but cannot write + delete the records of their peers and superiors.
Public - Read + Write	Users can only read the records of all the users.	Users can only read + write the records of all the users.	Users can read + write + delete their records and the records of their subordinates. Users can read + write but cannot delete the records of their peers and superiors.
Public - Read +Write + Delete	Users can only read the records of all the users.	Users can only read + write the records of all the users. Users cannot delete the records of their peers and subordinates.	Users can read + write + delete the records of all the users.

To learn more about Profiles, click here.

Was this article helpful?

1 out of 1 found this helpful.

Managing Sharing Rules What is GDPR Closed States Set up a Workflow Action to Create an SMS Task Automation - Workflow Action - Webhook

Comments 0

Be the first to comment